The Five Minute CIO: Brendan Healy, Irish Life

A major mainframe to Microsoft re-platforming project at Irish Life was a success but the outcome could have been so different. Group CIO Brendan Healy says the key was a compelling proof of concept, good governance, regular reporting and strong support from the CEO.

Can you map out the structure of Irish Life from an IT standpoint?

There are 2,500 employees in Irish Life in total. We have approximately 300 people working in IT across the Group. We have a combined IT infrastructure division called Group IT which employs around 70 people. It runs all IT services for our business divisions.

We also have an applications department for every division, to take business needs and turn them into new applications which would be taken into production and run for the business. Each division– Retail, Corporate Business, Investment Management and third-party services – has its own Head of IT which reports into its divisional CEO.

I’m the Group’s CIO. We have an overall governance board to manage IT across the business, called the IT executive. Each year we get an updated corporate strategy, which we consider from an IT perspective. Then, the heads of IT for each division take the strategy from the CEO and translate that into an IT strategy for each business.

What are your main duties?

Coordinating the activity of IT across the group is probably the major part of the role. Also, I oversee operational issues in the central part of IT. We have various different governance boards that help us to co-ordinate activity across the group.

How did you get to your current role?

I started work in IT in the public sector and I stayed for eight years in the Department of Finance. When I left, I joined Irish Permanent Building Society, as it was then, in a technical management role. I took on various roles both inside and outside the IT Department over the next 14 years. After the merger of Irish Life and Irish Permanent, I ran the Operations Department of the bank and after a couple of years, I moved back to IT to run the Group IT function. I moved to Group CIO in 2004.

Do you see IT just as a cost to be managed as effectively as possible or one that can deliver real business benefit?

Definitely, it’s the latter. You can look at IT in two different ways: for IT services you must deliver highly available, high-quality service while you try to manage the costs down, taking account of the risk and compliance issues that arise. Without these services the business will stop, so it’s absolutely essential that your IT services are running all the time.

In terms of the value-added side, the applications development area normally delivers applications that drive down the operating costs of the business, or create new business opportunities such as new channels to market, new products or services. They have to be deeply integrated with the business for that to occur.

What’s the key to striking that balance?

Keeping the IT systems that support the business and keep it up and running sometimes can be looked at as a facilities management exercise. It’s much more than that, given that IT systems are a core part of financial products and services. You can’t separate the two out. Sometimes that can go unnoticed.

The second part is how you deliver new value. The business needs to decide how much it wants to invest in this area. This will vary over time depending on the business and economic cycles. Investment in new IT services inevitably brings business change, this needs to be carefully managed. We have invested heavily in IT over the past 10 years.

Can you give an example of a recent IT project that delivered business benefit?

About five or six years ago we were looking at cost of IT across the group. We were looking to control costs as much as possible and we looked at an initiative to take 20pc of the cost of IT out of the business. We identified some of our large systems – for example, our mainframes were expensive, even though they were driving value.

We did some research and saw we could probably get up to an 80pc cost reduction on our mainframe running costs but there was significant cost and risk and effort in getting there. We initially performed a proof of concept on Irish Life Retail’s CLOAS [IBM-mainframe-based life insurance administration platform]. We conducted some very successful proof of concept exercises to show it was technically feasible.

We then started a re-platforming project with Microsoft, initially as a proof of concept in 2009, and then the main project proper ran from March 2010. The last phase went live in February of this year. We’re delighted we achieved the cost savings.

We have moved all of that historical book entirely onto Windows. The Irish Life Retail business doesn’t have a dependency on the mainframe any more. Now that this is complete, we have the opportunity to run additional policies on our new system with minor increases in cost. On the mainframe it would have involved a large and expensive upgrade. Batches were a constraint on the old system. Now it’s no longer an issue.

How does this re-platforming project map to your business goals?

It gives us cost savings which improves our efficiency. In the old world, our call centre opened 8am to 8pm. In this world, if we so desire, we can have the CLOAS system up a lot more because the batch processing times have reduced significantly, from eight hours down to two hours. It’s given us this extra headroom of business flexibility and cost reduction. It does put us in a space where we are more competitive than others.

Did the business benefits make this an easier project to ‘sell’ to the board?

We were charged by our strategy group to take 20pc of our costs out, and this is one of projects where a large saving could be made if an investment was made. No doubt a project like this is high cost and high risk. We needed to do a proof of concept to ensure senior board members got comfortable with it.

Projects like this have a chequered history; re-platforming projects typically fail, or take multiples of the budget or timelines. We put in place regular reporting to the board to see how our progress was going. We had everybody aligned in terms of what was important

From a governance and control point of view, that made things easier. I believe personally we have a special group of people here and it took their work, energy and commitment to get the project to be a success. To some extent we were lucky to have the confluence of all those things.

Happily it went in with hardly a blip. I’ve spent 25 years in IT and I’ve never seen a project be so successful. Obviously this is a project that could easily have not got sponsorship, but on all sides there was a willingness to do it, strongly supported by the Business CEO.

There’s seems to be a shift happening in IT, away from a command and control model to one where the users have a lot more say in the technology they use. What’s your view of this?

People are definitely using a variety of devices to use IT services, but the backend services have to be robust and be able cope with the volumes you expect.

As a company we have definitely exploited that trend. We brought [mobile] technology to our sales force 10 years ago, and that was unusual in the life business back then.

Obviously in insurance you deal with sensitive information: how is that reflected in your security spending, for example?

We have our own internal IT security department that looks after security, risk and compliance. As part of any new application development we consider any security implications. It’s something our IT executives take seriously and is regularly discussed at our governance meetings. It is also part of our key operational risks.

Cybercrime is front page news these days, but is that reflected in what you’re seeing on the front lines?

We measure the number of attacks, email or spam attacks or viruses. At times you see peaks coming in that; there are lots of them happening all of the time. We continue to invest in the latest technologies to keep our security systems up to date.

Is security a factor in whether or not you’re considering the cloud, for example?

Security is always an issue; there are issues of scale too. We run hundreds of Windows servers and around a hundred UNIX servers. It wouldn’t have real value unless you’re doing it at scale. We have probably not reached the scale where the cost benefit is there for us yet.